Unofficial E2guardian package for pfSense
-
The site you're testing has Jonathan on the url or on page content?
Thanks for the reply. It had the word in the page content. Am I misunderstanding something? Is there a way to block a site based on phrases in the page content?
-
The site you're testing has Jonathan on the url or on page content?
Thanks for the reply. It had the word in the page content. Am I misunderstanding something? Is there a way to block a site based on phrases in the page content?
Sure. This is what e2guardian does. Check if your requests are getting logged and set the log to dansguardian style. This way you can check more details.
-
@Mr.:
yet same errors in status/system logs after enabling e2guardian
Looks like you did not configure all the tabs or did not install any blacklist (shallalist, for example).
Thank you, also for testing it yourself in a clean install.
As far as I know, I have been through every tab, every field. I uncommented some default categories, added ports 8080 and 8888 (as I don't use Squid), but still, it doesn't work.
May 28 18:08:59 php-fpm 62161 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Unable read plugin config plugname variable: /usr/local/etc/e2guardian/authplugins/proxy-header.conf auth_plugin_load() returned NULL pointer with config file: /usr/local/etc/e2guardian/authplugins/proxy-header.conf Error loading auth plugins Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
May 28 18:08:59 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
May 28 18:08:59 e2guardian 65089 Error parsing the e2guardian.conf file or other e2guardian configuration files
May 28 18:08:59 e2guardian 65089 Error loading auth plugins
May 28 18:08:59 e2guardian 65089 auth_plugin_load() returned NULL pointer with config file: /usr/local/etc/e2guardian/authplugins/proxy-header.conf
May 28 18:08:59 e2guardian 65089 Unable read plugin config plugname variable /usr/local/etc/e2guardian/authplugins/proxy-header.conf
May 28 18:08:59 php-fpm 62161 /pkg_edit.php: Starting E2guardian
May 28 18:08:54 php-fpm 59553 /pkg_edit.php: [E2guardian] - Save settings package call pr: bp: rpc:no
Is there any way we can find out what is going on?
-
Disable authentication plugins. Test e2guardian itself before testing authentication integration.
-
Is there any way to get some useful logging? For example, being able to see which user tried to access blocked content, etc.?
I know there's some logging options but it's confusing. And I have no idea where it's actually saving the logs.
Also, I've added a bypass button to my block page. However, how do I make it appear for only certain groups? Currently it appears for everyone but only someone from a group with bypass access can use it.
-
Disable authentication plugins. Test e2guardian itself before testing authentication integration.
Thank you.
I actually enabled them all because of your suggestion that I hadn't configured everything. It didn't work when none were activated, it didn't work when I activated them, and now I disabled it and it still doesn't work.
May 28 22:21:42 php-fpm 10115 /pkg_edit.php: The command '/usr/local/etc/rc.d/e2guardian.sh start' returned exit code '1', the output was 'kern.ipc.somaxconn: 16384 -> 16384 kern.maxfiles: 131072 -> 131072 kern.maxfilesperproc: 104856 -> 104856 kern.threads.max_threads_per_proc: 4096 -> 4096 Starting e2guardian. Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf Error reading filter group conf file(s). Error parsing the e2guardian.conf file or other e2guardian configuration files /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian'
May 28 22:21:42 root /usr/local/etc/rc.d/e2guardian.sh: WARNING: failed to start e2guardian
May 28 22:21:42 e2guardian 15628 Error parsing the e2guardian.conf file or other e2guardian configuration files
May 28 22:21:42 e2guardian 15628 Error reading filter group conf file(s).
May 28 22:21:42 e2guardian 15628 Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
May 28 22:21:42 e2guardian 15628 Error opening bannedsitelist
May 28 22:21:42 e2guardian 15628 Error reading file: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
May 28 22:21:42 e2guardian 15628 Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
May 28 22:21:42 e2guardian 15628 Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
May 28 22:21:42 php-fpm 10115 /pkg_edit.php: Starting E2guardian
-
@Mr.:
Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default Error opening bannedsitelist Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Still looks like you did not apply a blacklist yet. :(
What blacklist are you using? I'll test with the same here to see if I get the same results.
-
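The startup failure quoted above traces back to a list file that points at a blacklist category file missing from disk. An added example (not part of the thread or of the package) that lists such dangling references before the service is started, assuming the list files pull categories in with `.Include<path>` lines; the sample tree and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: find e2guardian list files whose active .Include<...> targets are missing.

# list_missing_includes LIST_DIR
# Prints "list_file -> missing_target" for every uncommented .Include<path>
# line in the top-level files of LIST_DIR whose target is not readable.
list_missing_includes() {
    for list_file in "$1"/*; do
        # Skip sub-directories such as blacklists/; they hold the targets.
        [ -f "$list_file" ] || continue
        # Only lines that start with ".Include<" are active; "#.Include<" is disabled.
        sed -n 's/^[[:space:]]*\.Include<\([^>]*\)>.*$/\1/p' "$list_file" |
        while IFS= read -r target; do
            [ -r "$target" ] || printf '%s -> %s\n' "$list_file" "$target"
        done
    done
}

# build_sample_tree ROOT
# Constructed sample: a banned site list that includes one category that
# exists (ads), one that does not (adult), and one that is commented out.
build_sample_tree() {
    root=$1
    mkdir -p "$root/lists/blacklists/ads"
    : > "$root/lists/blacklists/ads/domains"
    {
        printf '# constructed sample list file\n'
        printf '.Include<%s/lists/blacklists/ads/domains>\n' "$root"
        printf '.Include<%s/lists/blacklists/adult/domains>\n' "$root"
        printf '#.Include<%s/lists/blacklists/gambling/domains>\n' "$root"
    } > "$root/lists/bannedsitelist.g_Default"
}

# Stand-alone run against the constructed tree. On a real box, pass the
# lists directory named in the error output instead.
demo_root=$(mktemp -d)
build_sample_tree "$demo_root"
list_missing_includes "$demo_root/lists"
rm -rf "$demo_root"
```

Empty output means every active include resolves; any line printed names the list file to fix and the category file that has to be downloaded or un-selected.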
Is there any way to get some useful logging? For example, being able to see which user tried to access blocked content, etc.?
I can add the realtime tab from squid package
I know there's some logging options but it's confusing. And I have no idea where it's actually saving the logs.
Also, I've added a bypass button to my block page. However, how do I make it appear for only certain groups? Currently it appears for everyone but only someone from a group with bypass access can use it.
At least on gui, the report file is set for everyone. I'll take a look if there is a way to set a html report per group when I have time.
-
E2g logs are supposed to be in var/logs/e2guardian/access.log by default, but this can be configured in the conf files.
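An added example, not from the thread or the package: one way to answer "which user tried to access blocked content" from the access log, assuming the space-delimited E2Guardian log format with `*DENIED*` in the sixth field followed by the reason text up to the HTTP method. The sample lines and function names are constructed.

```sh
#!/bin/sh
# Added example: summarise denied requests from an e2guardian access log.
# Assumed field order: date time user client-ip url [*DENIED* reason...] method ...

# sample_log: constructed log lines in the assumed layout.
sample_log() {
    cat <<'EOF'
2017.5.28 20:33:52 - 192.168.2.51 https://chat.example.com:443 *DENIED* Blocked HTTPS site: chat.example.com CONNECT 0 0 1 403 - Default - -
2017.5.28 20:37:27 - 192.168.2.51 http://www.example.org GET 120488 0 1 200 text/html Default - -
2017.5.28 20:37:36 - 192.168.2.51 http://www.example.org/audio/clip.mp3 *DENIED* Banned file extension: .mp3 GET 0 0 Banned extension 1 403 audio/mpeg Default - -
2017.5.28 20:37:37 alice 192.168.2.60 http://ads.example.net/t.gif *DENIED* Blocked site: example.net GET 0 0 1 403 - Default - -
EOF
}

# denied_requests [FILE...]
# One line per denied request: when, who, from where, what, and why.
# The reason has no fixed width, so it is read up to the first HTTP method token.
denied_requests() {
    awk '
    $6 == "*DENIED*" {
        reason = ""
        for (i = 7; i <= NF; i++) {
            if ($i ~ /^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH|CONNECT)$/) break
            reason = (reason == "" ? $i : reason " " $i)
        }
        printf "%s %s user=%s client=%s url=%s reason=\"%s\"\n", $1, $2, $3, $4, $5, reason
    }' "$@"
}

# denied_per_client [FILE...]
# "count user client-ip", busiest first. The user column is "-" when no
# authentication plugin identified the requester.
denied_per_client() {
    awk '$6 == "*DENIED*" { n[$3 " " $4]++ }
         END { for (k in n) print n[k], k }' "$@" | sort -rn
}

# Stand-alone run on the constructed sample; pass the path of the real
# access log as an argument to either function instead.
sample_log | denied_requests
sample_log | denied_per_client
```

Allowed requests are ignored, so the output stays readable even with the log level set to log all requests.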
-
Check if your requests are getting logged and set the log to dansguardian style. This way you can check more details.
So I turned on E2Guardian logging under E2Guardian > "Report and Log" and am using the following logging settings:
Logging Options: logconnectionhandlingerrors and logsslerrors are selected
Log level: All requests
Log File Format: E2Guardian format - space delimited (I presume that's what you meant by dansguardian logging?).
Here is the log of me using bing.com to google the word "Jonathan" and pulling up a baby names website for the name. I had expected the results to be blocked, but they were not. Neither was the URL I clicked from the search results:
-
I had expected the results to be blocked, but they were not. Neither was the URL I clicked from the search results:
I had a feeling the problem was going to be caused by something stupid that I did wrong. And it was. Apparently, it doesn't matter if the checkbox on ACLs > Phrase Lists is checked to be Enabled. They aren't REALLY enabled unless the General > Weighted Phrase Mode is set to something other than "Off." I hadn't even realized I had missed turning that setting on. Obviously this isn't your fault - it's a quirk of E2Guardian. And now that I know the quirk, I can work around it.
Anyway, on a side note, Marcelloc, words cannot express how truly grateful I am for your work in helping E2Guardian come to pfSense. I really do mean that. I'm so excited to finally be able to start configuring pfSense with keyword blocking! I was about to give up hope of finding a good solution and then I found this. Many, many thanks for your efforts!
-
Did you confirm the problem was the General setting? When you enabled it, did the phrase blocking you tested start to work?
-
Yes, once the General setting was enabled, phrase blocking worked just fine. Quite confusing for a noob such as myself, but now that I know to look in two spots, I'm good. Thanks for the assistance!
-
I am wondering how do I remove tinyproxy from the Services.
Since I use squid I do not really have a need for tinyproxy. How do I remove it from the Status/Services?
I guess I can "pkg remove tinyproxy" but this won't remove it from the page.
Is there a parameter for the install script to not install it in the first place?
-
Not yet.
You can remove it from config.xml using viconfig. A bad config.xml file breaks your firewall.
-
@Mr.:
Error reading file /usr/local/etc/e2guardian/lists/blacklists/adult/domains: No such file or directory
Error opening file: /usr/local/etc/e2guardian/lists/blacklists/adult/domains
Error reading: /usr/local/etc/e2guardian/lists/bannedsitelist.g_Default
Error opening bannedsitelist
Error opening filter group config: /usr/local/etc/e2guardian/e2guardianf1.conf
Still looks like you did not apply a blacklist yet. :(
What blacklist are you using? I'll test with the same here to see if I get the same results.
Thank you Marcello :D
The shallalist in your first post.
I downloaded and retried it five times.
The GUI says I applied it (pic).
How can I safely remove icap, clam, e2guardian, tinyproxy, and all others?
So I can start fresh again, and can you give me the exact install commands?
-
Sorry to ask another question, but does E2Guardian support Man in the Middle for SSL? When I set my web browser to use port 3128 (from the Squid proxy server) and I load Amazon.com, the certificate is issued by "internal-ca" as I would expect. But when I change the port to 8080 to use E2Guardian, the SSL is issued by Amazon - not "internal-ca." This is causing keyword filtering not to work for SSL websites.
Any suggestions for what I may have missed?
-
Yes it does. Thanks to marcelloc now we have e2g with mitm support.
Select the Groups Tab. Edit the group that you want to enable mitm.
Select "Filter ssl sites …" in Group options. Save.
Remember to set the Certificate for SSL mitm in General Tab. Save.
-
I'm changing the packages under the unofficial repo to have uninstall and update under System -> Package Manager. E2guardian will take some time as it needs manually compiled binaries. But packages like wpad and filer are already updated.
-
Thanks for the quick reply! So I got the correct SSL cert now ('internal-ca'), but SSL keyword filtering seems to be spotty. For example, if I Google using a banned (not weighted) keyword (temporarily I've set the word "Jonathan" to be banned), the search results still display. If I click on the Wikipedia article (which is HTTPS), it gets blocked, but I would have expected the search results on Google (also HTTPS) to have been blocked too. If I go to Amazon (again HTTPS) and search for "Jonathan" I also can see search results, and if I click any of the links, they show up just fine - completely ignoring the banned keyword.
Any ideas why?